Freezerworks
laboratory informatics
raise its standards, if existing standards aren’t rigorous enough, or aren’t being adhered to. You need to set the minimum security requirements and policies for physical access to the system, as well as for the way that data is organised and moved around and out of that system. But you also need to make those policies not so hard to implement that data becomes inaccessible.’
Self-auditing security Systems developed for the clinical sector will have been developed with security features that meet CFR 21 part 11 (for electronic records), HIPAA, and other regulatory standards. McAuliffe says: ‘On top of these, you still need
to make sure that the informatics infrastructure has appropriate firewalls and security certificates in place. It has become increasingly common for companies to carry out their own security audits to determine how vulnerable that infrastructure is. Many companies are, for example, evaluating the security of their informatics systems against standards in the Open Web Application Security Project (OWASP). Tis kind of security auditing is becoming the norm throughout the life sciences sector.’
Cloud security in doubt Santa Rosa-based Comp Pro Med has been providing customised laboratory information systems (LIS) and laboratory information management systems (LIMS) to the clinical and more recently molecular diagnostics sector for more than 30 years, but the cloud is the last place that the firm would entrust any patient data, stresses CEO Jeff Fisher. ‘Discussions about whether the cloud is secure enough to house patient data have been going on for years, and published articles for and against continue to debate the issue. ‘At Comp Pro Med we look at the topic of
cloud breach as a case of when, rather than if, and when a major breach does occur it will put at risk an almost unimaginable volume and breadth of sensitive data. People are willing to jump into the cloud when they don’t really understand the implications of trusting their data to an infrastructure that just holds too much valuable data not to be broken into.’ Comp Pro Med works with hospitals, private
and teaching laboratories of every size, and with governmental units in all clinical and molecular diagnostic fields. Te firm’s flagship Polytech platform has been designed to support the end- to-end laboratory workflow, and incorporates security features that specifically manage patient data and medical soſtware and records. For example, the Polytech infrastructure
offers interfaces for electronic healthcare/ medical records, and a compliance solution for checking whether an existing LIS complies with
www.scientific-computing.com l
As biorepositories play an increasingly larger role in translational research, the need for effective patient level security throughout the institution increases
all current laws, requirements and standards. Te soſtware also automates as much of the workflow as possible, to minimise the need for manual entry and errors.
Health data more sought after than credit card data Te bottom line is that, as more and more data is generated, the cumulative value of that data increases, Fisher adds. ‘We’ve read that health data is now more sought aſter than credit card information.’ Critically, the Polytech platform ensures that
all data is retained within the laboratory walls, and a secure, bi-directional web portal connects the system with physicians and third parties for billing, ordering and the transfer of reports, Fisher comments: ‘We have been developing soſtware solutions for clinical laboratories since long before any off-the-shelf solutions existed, and that makes us unique. We approached the data security issue slightly differently, and from the ground up. At the most basic level, we break up and split all information, including patient data and analytical results, between multiple databases. Accessing this data requires a proprietary key.’ Te best approach to making data as secure
as possible is to not make yourself a target in the first place, continues Craig Wargin, Comp Pro Med CTO: ‘Te number one thing that keeps our patient data safe is that we do not host web servers that represent obvious ways in. Wherever possible, we keep all information local, and effectively locked behind the laboratory door. ‘All the soſtware we use within the laboratory
is deployed on PCs that are connected through a local network secured through firewalls and
@scwmagazine
TRANSFER OF DATA FROM ONE DESK TO ANOTHER, WHETHER VIA WEB PORTALS, FAXES OR PAPER PRINTOUTS, INTRODUCES RISKS IN DATA INTEGRITY AND SECURITY
other standard mechanisms. And all data, whether communicated within that network or moved through the web portal, is encrypted using our own custom encryption on top of network standards such as SSL or SFTP.’
Supporting healthcare providers In the clinical sector, the healthcare providers and the soſtware vendors both shoulder the actual responsibility for the security of protected health information (PHI) and other patient- related data, points out Ed Krasovec, director of clinical Solutions at LabWare. ‘Terefore, our solution must furnish the safeguards in our products to help ensure the safety of that data. To help limit their risks, we need to enable healthcare providers to restrict a user’s PHI data access to the minimum essential needed to perform their job. In some instances, that restriction may extend to very limited pieces of information.’ Te LabWare LIMS platform and electronic
laboratory notebook (ELN) are used widely by highly regulated industries, including the pharmaceutical and clinical sectors. ‘From a product standpoint we impose very granular controls on what an individual
APRIL/MAY 2016 21
➤
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36
